iptables rule and/or proxy server help request

Mike Burger mburger at bubbanfriends.org
Tue Jul 20 16:25:03 UTC 2004


I've got a pretty good iptables firewall in place which, at present, 
allows fairly broad access to the net from the machines behind the 
firewall.

What I'd like to do, now, is have the firewall forward outbound packets 
for port 80 (to any address) to port 8080 on my server, which will then 
proxy (DansGuardian+Squid or Privoxy).

I've tried this (keeping in mind that I'm trying it for one system, first, 
before implementing it network-wide):

$IPTABLES -t nat -A PREROUTING -s 192.168.0.4 -p tcp --dport 80 -j DNAT --to 192.168.0.1:8080
$IPTABLES -A FORWARD -i eth1 -p tcp --dport 80 -m state --state NEW -d 192.168.0.1 -j ACCEPT

I've tried using a "REDIRECT", but then connections go absolutely 
nowhere...it seems that REDIRECT only works on the local system, not 
across the network.

But then the proxies don't actually grab any info and present it back to 
the browser.

If I set up direct proxy connections in the browsers, though, to the proxy 
server at 8080, it works just fine.

Maybe it's not an iptables setting, but a proxy server setting I want?  
I'm at a loss.
-- 
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000

To be notified of updates to the web site, visit 
http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a 
message to:

site-update-request at bubbanfriends.org

with a message of: 

subscribe
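
The two cases contrasted in the message above (port 80 rewritten to the proxy by DNAT versus browsers pointed directly at port 8080) hand the proxy different HTTP request lines. This is an added example, not part of the original post; it does not establish the cause on the poster's system. The function names, the `intercept` flag and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample requests (not captured traffic).
# Browser explicitly configured to use the proxy on 8080: absolute-form target.
EXPLICIT = (b"GET http://www.example.com/index.html HTTP/1.1\r\n"
            b"Host: www.example.com\r\n\r\n")
# Browser unaware of the proxy, port 80 rewritten by DNAT: origin-form target.
INTERCEPTED = (b"GET /index.html HTTP/1.1\r\n"
               b"Host: www.example.com\r\n\r\n")


def parse_request(raw):
    """Return (method, target, headers) from a raw HTTP/1.x request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, target, headers


def upstream_url(raw, intercept=False):
    """Return the URL the proxy should fetch, or None if it cannot tell.

    intercept=False models a proxy that only accepts absolute-form targets.
    intercept=True models one that rebuilds the URL from the Host header.
    """
    _method, target, headers = parse_request(raw)
    split = urlsplit(target)
    if split.scheme == "http" and split.netloc:
        return target            # absolute-form: destination is in the request line
    if not target.startswith("/"):
        return None              # neither form (e.g. CONNECT authority-form)
    host = headers.get("host")
    if not intercept or not host:
        return None              # origin-form: packet destination was rewritten by DNAT
    return "http://" + host + target


if __name__ == "__main__":
    for label, raw in (("explicit", EXPLICIT), ("intercepted", INTERCEPTED)):
        print(label, upstream_url(raw), upstream_url(raw, intercept=True))
```

The Host header is supplied by the client, so a filtering proxy that rebuilds the destination this way should not treat it as proof of where the connection was originally headed.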





More information about the redhat-list mailing list